11 matches found
CVE-2025-2244
CVE-2025-2244 affects Bitdefender GravityZone Console, via the vulnerable sendMailFromRemoteSource method in Emails.php that unserializes user input without validation. This enables PHP object injection, leading to a file write and arbitrary command execution on the host, per multiple sources. In...
CVE-2022-0677
CVE-2022-0677 is an instance of an improper handling of length parameter inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay) and GravityZone (in Update Server). The issue allows a remote attacker to cause a Denial-of-Service. Affected produ...
CVE-2024-4177
The CVE-2024-4177 issue affects Bitdefender GravityZone Update Server (on‑premise) with GravityZone Console versions prior to 6.38.1-2. The root cause is a host whitelist parser in the proxy service, enabling server-side request forgery (SSRF). Impact is high/critical per sources, with network at...
CVE-2025-2243
Bitdefender GravityZone Console (GravityZone Console) is affected by CVE-2025-2243, an SSRF vulnerability where an attacker may bypass input validation by using leading characters in DNS requests. The issue affects GravityZone Console versions before 6.41.2.1. Root cause: flawed input validation ...
CVE-2022-2830
CVE-2022-2830 describes a Deserialization of Untrusted Data vulnerability in Bitdefender GravityZone Console’s message processing component. Affected: GravityZone Console On-Premise < 6.29.2-1 and GravityZone Cloud Console
CVE-2024-6980
The CVE-2024-6980 entry concerns Bitdefender GravityZone: GravityZone Console on-premises prior to 6.38.1-5, where a verbose error handling issue in the Update Server proxy service enables server-side request forgery (SSRF). The vulnerability affects the proxy component (GravityZone Update Server...
CVE-2021-3960
In Bitdefender GravityZone, CVE-2021-3960 describes a Path Traversal in the UpdateServer component that can allow arbitrary code execution on affected instances. Affected versions are GravityZone prior to 3.3.8.272. Several records also reference a related Privilege Escalation via the UpdateServe...
CVE-2021-3554
CVE-2021-3554 describes an improper access control in the patchesUpdate API of Bitdefender Endpoint Security Tools for Linux, where a relay role can be abused to manipulate the remote address used to pull patches. Affected are Bitdefender Endpoint Security Tools for Linux versions before 6.6.27.3...
CVE-2021-3823
CVE-2021-3823 is a path-traversal vulnerability in Bitdefender GravityZone UpdateServer (relay mode) that allows arbitrary code execution on vulnerable instances. Affected: Bitdefender GravityZone prior to version 3.3.8.249. Root cause: improper limitation of a pathname to a restricted directory ...
CVE-2021-3959
CVE-2021-3959 describes a Server-Side Request Forgery (SSRF) in the EPPUpdateService of Bitdefender GravityZone. Affected: GravityZone versions prior to 3.3.8.272. The vulnerability allows a proxy of requests to the relay server. The available references indicate no explicit exploit details or in...
CVE-2017-8931
The CVE-2017-8931 entry affects the Bitdefender GravityZone VMware appliance prior to version 6.2.1-35, where an attacker could gain root privileges via unspecified vectors. The NVD entry lists a CVSSv3 base score of 9.8 (CRITICAL) with network attack vector and privileges required: none. Connect...